Related vulnerability
Title:
Joyent Node.js code issue vulnerability
(CVE-2017-5941)
Description: Joyent Node.js is a network application platform from the US company Joyent, built on Google's V8 JavaScript engine. The platform is mainly used to build highly scalable applications and to write connection-handling code capable of serving tens of thousands of simultaneous connections to a single physical machine. The unserialize() function of the node-serialize module in Joyent Node.js has a code issue vulnerability, which arises because the function does not effectively check the externally supplied code it invokes. A remote attacker can exploit this vulnerability to execute arbitrary code by passing malicious data to the function.
Introduction
# NodeJS Insecure Deserialisation Vulnerability Demo
Node.js is an open-source runtime environment used to implement server functionality in JavaScript. A specific Node.js package contains a vulnerable deserialisation function that causes it to run unauthorised commands if the client provides a specially crafted cookie. This vulnerability was replicated and can potentially launch a reverse shell, which is possible because the unsanitised input data is read from a cookie in the client's request. The client can edit their cookies, inject an insecure payload containing a bash command, and send it to the server, where it will blindly execute the command. This can lead to unauthorised users accessing databases or entire machines.

The ethical implications of this type of vulnerability lie in the data that can be accessed in the databases on the backend server. Depending on the data, it can be detrimental to a user's security and can impact a company's reliability and reputation. Because of this, finding the vulnerabilities before attackers do is important. A variety of tools such as Snyk, Burp Suite and other paid options are available to identify these vulnerabilities.

The best way to mitigate this vulnerability is to practice proper input sanitisation and to discontinue any use of the vulnerable unserialize() function in Node.js applications. JSON.parse is the recommended replacement for this vulnerable function.
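The mitigation described above (drop node-serialize's unserialize() in favour of JSON.parse plus input validation) as an added example; this is not code from the PoC repository or from node-serialize. It assumes the cookie carries a base64-encoded JSON profile object; the field names, the MAX_COOKIE_CHARS limit and the parseProfileCookie/encodeProfileCookie names are illustrative choices of this example.

```javascript
// Added example (not from the PoC repository): a replacement for
// serialize.unserialize(cookie) built on JSON.parse and a strict shape check.
// Assumed: the cookie is base64-encoded JSON with the fields in ALLOWED_FIELDS;
// names and limits are illustrative.

const MAX_COOKIE_CHARS = 4096;

// Allowlist of fields the server is willing to read back, with expected types.
const ALLOWED_FIELDS = Object.freeze({
  username: 'string',
  country: 'string',
  city: 'string',
});

// Server side of the round trip: plain JSON, base64 for cookie-safe transport.
// Anything outside the allowlist is silently dropped before encoding.
function encodeProfileCookie(profile) {
  const clean = {};
  for (const key of Object.keys(ALLOWED_FIELDS)) {
    if (typeof profile[key] === ALLOWED_FIELDS[key]) clean[key] = profile[key];
  }
  return Buffer.from(JSON.stringify(clean), 'utf8').toString('base64');
}

// Safe counterpart of unserialize(): JSON.parse never revives functions, so a
// payload built for node-serialize is either not valid JSON or just an object
// with an unexpected field, and is rejected before any code could run.
function parseProfileCookie(cookieValue) {
  if (typeof cookieValue !== 'string' || cookieValue.length === 0) {
    return { ok: false, reason: 'cookie missing' };
  }
  if (cookieValue.length > MAX_COOKIE_CHARS) {
    return { ok: false, reason: 'cookie too large' };
  }

  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(cookieValue, 'base64').toString('utf8'));
  } catch (err) {
    return { ok: false, reason: 'invalid JSON' };
  }

  // Only a plain object is acceptable; arrays, strings, numbers and null are not.
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, reason: 'not an object' };
  }

  // Every own key must be on the allowlist with the expected type. JSON.parse
  // turns a "__proto__" key into an ordinary own property, so it is caught here.
  for (const key of Object.keys(parsed)) {
    if (!Object.prototype.hasOwnProperty.call(ALLOWED_FIELDS, key)) {
      return { ok: false, reason: `unknown field: ${key}` };
    }
    if (typeof parsed[key] !== ALLOWED_FIELDS[key]) {
      return { ok: false, reason: `wrong type for field: ${key}` };
    }
  }

  // Copy into a fresh object so only allowlisted fields reach the caller.
  const profile = {};
  for (const key of Object.keys(parsed)) profile[key] = parsed[key];
  return { ok: true, profile };
}

// Stand-alone demonstration on constructed cookies.
function demo() {
  const legit = encodeProfileCookie({ username: 'alice', country: 'NL', city: 'Amsterdam' });
  // Constructed tampered cookie: a client-added field the server never issued.
  const tampered = Buffer.from('{"username":"alice","isAdmin":true}', 'utf8').toString('base64');
  return [parseProfileCookie(legit), parseProfileCookie(tampered)];
}

console.log(JSON.stringify(demo(), null, 2));
```

The important property is that the parse step and the validation step are both inert: JSON.parse produces only data, and the allowlist loop reads types, never values, so a cookie the server did not issue cannot do more than be refused.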
File snapshot
[4.0K] /data/pocs/9b5a00e24fecf65bf8818a2e2ae3074ab1ae8d15
├── [1.2K] index.js
├── [ 477] package.json
├── [ 41K] package-lock.json
├── [ 278] payload.js
└── [1.5K] README.md
0 directories, 5 files
Notes
1. Accessing the PoC through its original source is recommended.
2. If the source is unavailable or inaccessible, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.